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Introduction 


The convergence of DevOps, Security and Artificial Intelligence is bringing 
us toward a turning point that nobody can ignore. This year at the RSA 
Conference 2020, we saw a multitude of industry professionals, once again, 
coming together to discuss their experience, concerns, and hopes for the 


future. 


One of our goals here at WhiteHat, is to always stay connected to what is 
happening in the security industry, and what people are thinking and feeling 
through their everyday journey. That’s why this year, we decided to conduct a 
Survey at the RSA Conference, asking industry professionals specifically what 
their experience and sentiments were about human expertise and the use of 
artificial intelligence in identifying and remediating application vulnerabilities. 


Report Highlights 


1. Half of organizations use Al or machine 2. 60% trust findings verified 
learning in their security stacks by humans over Al 


3. 75% use an application 4. 40% of those appsec solutions use 
security tool both Al and human-based verification 
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Research Findings 


The “Al and Human Element Security Sentiment Study” is based on a Survey of 
102 industry professionals at the RSA Conference 2020. The research 





revealed that while over half of organizations use artificial intelligence (Al) 
or machine learning in their security stack, nearly 60 percent are still more 
confident in cyberthreat findings verified by humans over Al. 


The survey responses, along with the theme of “Human Element” at RSA 
Conference 2020, reflect the need for security organizations to incorporate 
both Al- and human-centric offerings, especially in the application security 
Space. Three-quarters of respondents use an application security tool, and 
more than 40 percent of those application security solutions use both Al-based 
and human-based verification. 


Artificial Intelligence in Application Security 


Al and machine learning have provided several advantages for cybersecurity 
professionals overall the past several years, especially in the face of the 
technology talent gap, which has left 45 percent of respondents’ companies 
lacking a sufficiently staffed cybersecurity team. 


More than 7O percent of respondents agree that Al-based tools made their 
cybersecurity teams more efficient by eliminating over 55 percent of mundane 
tasks. Nearly 40 percent of respondents also feel their stress levels have 
decreased since incorporating Al tools into their security stack, and of those 
particular participants, 65 percent claim these tools allow them to focus more 
closely on cyberattack mitigation and preventive measures than before. 
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The Human Element is Still Needed 


However, a majority of respondents emphasize there are skills that the human 
element provides that Al and machine learning simply cannot match. 


Nearly 60 percent are still more confident in cyberthreat 
findings verified by humans over Al. 


Despite the number of advantages Al-based technologies offer, respondents 
also reflected on the benefits the human element provides cybersecurity 
teams. 


Thirty percent of respondents cited intuition as the most important 
human element, 21 percent emphasized the importance of creativity, 
and nearly 20 percent agreed that previous experience and frame of 
reference is the most critical human advantage. 


Innovation in Application Security 


At WhiteHat, we leverage over 150 TB of security data that corresponds to over 100 million 
attack vectors to drive a very important facet of application security — accuracy of results 
through vulnerability verification. In doing so, WhiteHat Security engineers and researchers 
have developed, trained and tested machine learning models that enable increasingly 
automated vulnerability verification. This automated vulnerability verification allows 
engineers and researchers the time to develop additional security tests and spend an 
increasing amount of time in security research that benefits our customers. 
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The machine learning subsystem is tightly integrated into the WhiteHat Application Security 
Platform as well as the Threat Research and Operations Center's service delivery process. 
This allows the Threat Research and Operations Center to govern and evolve the system 
without disrupting the customer experience. In addition, a subset of vulnerabilities always go 
through human verification for the following reasons: 


1. To ensure that vulnerabilities that can’t be automatically verified by the machine 


learning subsystem are verified by humans. 


2. To add new human curated vulnerabilities to the 150+ TB attack vector data lake for 
future machine learning endeavors. 


3. For performing quality control on a sample of the automatically verified vulnerabilities 
and provide a feedback loop to fine-tune machine learning models as needed. 


ABOUT WHITEHAT SECURITY 


WhiteHat is the leading advisor for application security with the most comprehensive platform powered by artificial and human 
intelligence. Trusted for nearly two decades, by mid-size and Fortune 500 companies, WhiteHat Security empowers secure DevOps 
by continuously assessing the risk of software assets throughout the Software Development Life Cycle (SDLC). The Company is an 
independent, wholly owned subsidiary of NTT Ltd., and is headquartered in San Jose, California, with regional offices across the 
United States and Europe. 


www.whitehatsec.com 
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